An exploit is a piece of software, a chunk of data, or sequence of commands that takes advantage of a bug, glitch, or vulnerability in order to cause unintended or unanticipated behavior to occur. This frequently includes such things as gaining control of a computer system, allowing privilege escalation, or a denial of service attack.
Questions tagged [exploit]
790 questions
8 votes, 4 answers
Is it possible to exploit a javascript math function that allows PEMDAS?
I have a form field on my page, which if the user types a simple math equation into it, I would like to replace the value with the solution. So if the user types 1 + 2 into the field and hits enter I replace the input value with 3.
Currently I only…

Andy Ray
7 votes, 3 answers
Why use Push/Pop instead of Mov to put a number in a register in shellcode?
I have some sample code from a shell code payload showing a for loop and using push/pop to set the counter:
push 9
pop ecx
Why can it not just use mov?
mov ecx, 9

Hawke
7 votes, 1 answer
Encouraging the CPU to perform out of order execution for a Meltdown test
I am attempting to exploit the meltdown security flaw on Ubuntu 16.04, with an unpatched kernel 4.8.0-36 on an Intel Core-i5 4300M CPU.
First, I am storing the secret data at an address in kernel space using a kernel module:
static __init int…

BenKenobi007
7 votes, 3 answers
C Code how to change return address in the code?
I just wrote a C program, which is below:
#include <stdio.h>
#include <string.h>
void func(char *str)
{
char buffer[24];
int *ret;
strcpy(buffer,str);
}
int main(int argc,char **argv)
{
int x;
x=0;
…

Santosh V M
7 votes, 1 answer
Pickle Exploiting
I have an assignment to send a pickle file to a server which unpickles anything sent to it. My plan is to have it email me back the ls command printed out. I have this file:
import smtplib
import commands
status, output =…

Batman
7 votes, 1 answer
Vulnerabilities in caching of obfuscated key? Android Licensing
I'm caching a user's authentication whenever the Android Market Licensing ping server returns a GRANT_ACCESS pong.
Does anyone see any vulnerabilities with this strategy? I believe it is very strong, since I am obfuscating a key, and the only way…

hunterp
7 votes, 1 answer
How does heap-spray attack work?
I've read two articles about heap-spraying: Wikipedia and this blog post.
I understand how the shell code is introduced into the program's memory. But how is the program made to jump/call to the memory address located on the heap?
What kind of crash…

Piotr Czapla
7 votes, 4 answers
How to spot java deserialization issues?
I would like to be able to spot problems with deserialization in Java code. What should I look for? For example, how would one determine if some Java code tries to exploit the "Java calendar bug"? Note that I'm not a Java programmer, but I understand…

PeterK
7 votes, 1 answer
Is it possible to exploit a vulnerable function if its input is safe?
Assume that I have code with a buffer overflow vulnerability, as follows:
int func(const char *str){
char buffer[100];
unsigned short len = strlen(str);
if(len >= 100){
return -1;
}
strncpy(buffer,str,strlen(str));
…

smttsp
7 votes, 1 answer
Finding stack buffer overflows
I have read 5 papers/articles and watched 2 videos on stack buffer overflows and heap overflows. I have written a program that was vulnerable, overflowed and exploited that, ran a server on port 7777 that was vulnerable, overflowed and exploited that. But…

Noah_DuV
7 votes, 1 answer
Null byte injection in an upload form
I'm trying to reproduce the Null Byte Injection attack on an upload form. I have this code:
File…

Efuveo
6 votes, 2 answers
I don't understand this Code
I do not understand this code snippet:
function ms(){
var plc=unescape('".
unescape( '\x43\x43\x43\x43\n.............\xEF'. $URL).CollectGarbage();
if (mf)return(0);
mf=1;
var…

M3taSpl0it
6 votes, 3 answers
How is the modified return address in a stack based buffer overflow attack approximated?
I understand that a typical stack based buffer overflow attack payload looks something like this:
(return address) (return address) ...
(return address) (return address)
(return address) (return address)
(NOP) (NOP) (NOP) (NOP) ... (NOP)
…

pepsi
6 votes, 3 answers
Is it safe to redirect to an url like so: "https://example.com/" + userData?
Can I safely use user data when redirecting to a URL on my own domain?
Assume that I own example.com. If normal usage of my app would require me to redirect users to URLs like this at times, is this OK?
https://example.com/ + userData
Is there…

Brad Parks
6 votes, 0 answers
Meltdown PoC Detailed Code Review
I read all weekend about Meltdown and Spectre.
I have also already read the PDFs for Spectre and Meltdown,
which are a must-read for anyone seeking more knowledge about these exploits but unfortunately don't provide detailed explanations on the…

Antonin GAVREL